Active Directory under the hood

Active Directory utilizes two main standards: the X.500 standard and LDAP. This video looks at how the X.500 standard is used to store the Active Directory objects in the database. It also looks at how LDAP is used to access this data and the formatting LDAP uses.

NTDS.DIT

The Active Directory database is stored by default in c:\windows\NTDS\ntds.dit. This file is based on the X.500 standard. Active Directory was originally called NT Directory Services, which is where the file got its name.

Each domain in Active Directory has a separate database. Domain Controllers hold a copy of the database in the ntds.dit file and replicate changes to each other. If you have more than one domain, each domain has its own copy of the ntds.dit file.

Organizational Units

To make objects in Active Directory easier to organize, they can be placed into Organizational Units, also known as OUs. These OUs are like folders on your hard disk.

LDAP Syntax

LDAP uses a syntax that lists the most specific part of a name first, followed by the broader containers it sits in. This is the opposite of other systems, like filenames or paths. The main syntax of any LDAP command looks like this example: CN=Joe, OU=Users, DC=ITFreeTraining, DC=Com. When a name identifies an object uniquely, as in this example, it is called the distinguished name.

Canonical Name (CN)

This is the name of the object in Active Directory that you want to access. For example, if you wanted to access a user called Joe, you would use CN=Joe.

Organizational Unit (OU)

Organizational units in Active Directory are used to sort objects into different areas or folders. If you have multiple nested OUs, start with the OU closest to the object and work up toward the domain. For example, if a user was in Users\Accounts\Payable you would use OU=Payable, OU=Accounts, OU=Users.

Domain Component (DC)

This is the domain in which the object is located. For example, DC=ITFreeTraining, DC=com.
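The distinguished-name ordering described above (CN, then the OUs from the object upward, then the domain components) is easy to get wrong when building names by hand, and a value that contains a comma or an equals sign will split into extra RDNs unless it is escaped. The following Python is an added example for this page, not code from the original video or from ITFreeTraining: it parses a DN into its RDN components following the RFC 4514 escaping rules, rebuilds a DN with values escaped, and converts a DN into the canonical form Active Directory shows (domain/OU/.../object), so the two orderings can be compared side by side. The sample names are constructed; multi-valued RDNs joined with "+" are not handled.

```python
"""Parse, build and convert LDAP distinguished names (RFC 4514 syntax).

Added example for this page; the sample DNs below are constructed and the
helper names are this example's own, not an Active Directory or LDAP API.
"""
import re
from typing import List, Tuple

# Characters that must be backslash-escaped inside an RDN value (RFC 4514 2.4).
_SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value: str) -> str:
    """Escape a single attribute value so it can be embedded in a DN.

    A leading '#' or space and a trailing space are also escaped, and control
    characters are emitted as \\XX hex pairs. Escaping every value that comes
    from user input is what stops 'Joe,OU=Admins' from becoming two RDNs.
    """
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL or (i == 0 and ch in ' #') or (i == last and ch == ' '):
            out.append('\\' + ch)
        elif ord(ch) < 0x20:
            out.append('\\%02X' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)


def _split_unescaped(s: str, sep: str, maxsplit: int = -1) -> List[str]:
    """Split on `sep` but skip separators preceded by a backslash."""
    parts, buf, i, splits = [], [], 0, 0
    while i < len(s):
        if s[i] == '\\' and i + 1 < len(s):
            buf.append(s[i:i + 2])  # keep the escape pair intact for now
            i += 2
            continue
        if s[i] == sep and (maxsplit < 0 or splits < maxsplit):
            parts.append(''.join(buf))
            buf = []
            splits += 1
        else:
            buf.append(s[i])
        i += 1
    parts.append(''.join(buf))
    return parts


def _unescape(raw: str) -> str:
    """Turn \\XX hex pairs and \\c escapes back into the literal character."""
    def repl(m: re.Match) -> str:
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r'\\([0-9A-Fa-f]{2}|.)', repl, raw)


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Return (type, value) pairs in DN order: most specific component first."""
    rdns = []
    for raw in _split_unescaped(dn, ','):
        pieces = _split_unescaped(raw, '=', 1)
        if len(pieces) != 2:
            raise ValueError(f'RDN without "=": {raw!r}')
        attr, raw_val = pieces
        rdns.append((attr.strip().upper(), _unescape(raw_val)))
    return rdns


def build_dn(rdns: List[Tuple[str, str]]) -> str:
    """Join (type, value) pairs into a DN, escaping every value."""
    return ','.join(f'{t}={escape_rdn_value(v)}' for t, v in rdns)


def dn_to_canonical(dn: str) -> str:
    """Convert a DN to the canonical form AD displays: domain.tld/OU/.../leaf.

    The DN lists the object first and the domain last; the canonical form
    reverses that, which is why the OU order in the two notations differs.
    """
    rdns = parse_dn(dn)
    domain = '.'.join(v for t, v in rdns if t == 'DC')
    path = [v for t, v in reversed(rdns) if t != 'DC']
    return '/'.join([domain] + path)


if __name__ == '__main__':
    # Constructed sample: user Joe in the OU tree Users\Accounts\Payable.
    sample = 'CN=Joe,OU=Payable,OU=Accounts,OU=Users,DC=ITFreeTraining,DC=Com'
    print(parse_dn(sample))
    print(dn_to_canonical(sample))
    # A value containing a comma stays one RDN once it is escaped.
    print(build_dn([('CN', 'Smith, Joe'), ('OU', 'Users'), ('DC', 'example')]))
```

Running the script shows the same object in both notations: the DN starts at Joe and climbs to the domain, while the canonical name starts at ITFreeTraining.Com and descends through Users, Accounts and Payable. The escaping helper is the part worth keeping in any tool that assembles DNs from external input, since an unescaped comma or "=" changes the structure of the name rather than just its text.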